When we left the attorneys, in the last installment, they were wondering just how the cyber industrial spies had gotten into their computers.

Alan: I don’t know how your intruders got in, so I’ll show you how an average intruder gets in. His first step would be reconnaissance, where he uses the Web to find your IP addresses - the electronic tags that allow other computers to send information to your computers - and the names of the managing director and other senior partners and the structure of email addresses like First.Last@lawfirm.com, or FLast@lawfirm.com, or something else. That information would probably allow the would-be intruder to spoof email (send mail that appeared to come from the managing partner to other people in the firm).

Attorneys: Slow down! Too much jargon.

Alan: OK, let’s go back up to 10,000 feet. The intruder wants to get someone in your firm, who has powerful access to your computers - either a senior partner or the system manager or administrators - to open a back door for them through which they can steal all your data. Does that make sense?

Attorneys: Yes. But none of our people would do that.

Alan: Not knowingly. I agree. But the intruders fool them into doing it.

Attorneys: How?

Alan: They would send a spoofed email - that’s one that looks like it came from you (looking at the managing partner) or you (looking at the IT partner) - to your IT system manager saying something like, “I am a little concerned that if an attorney leaves the firm, we might not be able to tell what files he copied or emailed out in the weeks before he left. I’ve attached a description of a product that one of our clients told me about that purports to protect against just such unauthorized data leakage. I want you to take a look at it - download it and try it - and others that may do the same thing and come back to me in a couple weeks with an assessment. I don’t know much more about it than I have told you, so thanks in advance for a solid analysis.”